Q: Phishing SMS/text sent through APPLE
-
Oct 19, 2016 8:27 PMby zinacef,You might want to follow the instructions provided here -- If you think your Apple ID has been compromised - Apple Support
-
Oct 19, 2016 8:38 PMby zinacef,I'm finding it kind of hard to believe, with two-step (not "factor") verification in place, that the thieves were still able to break into your account, because with 2SV, they will need to have one of these -- password, verification code, and/or recovery key.
Frequently asked questions about two-step verification for Apple ID - Apple Support
-
Oct 19, 2016 8:57 PMby LACAllen,Anyone with your phone number can send you an SMS. They don't need anything from Apple.
Apple does not send notifications when you phone has been found. By any means.
You and you alone mange the "Find My Phone " portion of "Find My Phone". Apple does not proactively look for lost or stolen devices.
Apple does not have a "validate" your account process. Those emails were bogus.
It seems you have a new phone. Does it have the same number as before?
People report these emails and SMSs daily. Most have never lost a phone at all.
-
Oct 19, 2016 9:14 PMby fishhhcake,Changed my mobile number. The SMS was sent as from 'Apple' to the number I provided in the 'Lost my iPhone' custom message. Reported both emails and SMS to Apple.
When I mean sent from 'Apple,' it was sent from the same 'Apple' which provides me the verification codes for logging on to iCloud. That's what I find scary.
-
Oct 19, 2016 9:17 PMby LACAllen,Changed my mobile number. The SMS was sent as from 'Apple' to the number I provided in the 'Lost my iPhone' custom message. Reported both emails and SMS to Apple.
Then that would be from the "custodian" of your phone I would guess. They know they can't get past activation lock and are attempting to phish the password from you.
I still wouldn't think the code is genuine either. Did you make your new phone a trusted device for that Apple ID already? If not, Apple would have no "path" to get you codes yet.
-
Oct 19, 2016 9:26 PMby fishhhcake,Yes, my new phone (dual sim, both new numbers) is already a 'trusted device' for my Apple ID after I recovered my Apple ID. Changed my trusted mobile number to a new number, then changed it again after I used the first new number as a contact number for the 'Lost my iPhone' custom message.
'Apple' sent the 'iPhone found' SMS to my first new number. It is no longer associated with my Apple ID, but is still on the custom message for my iPhone on Lost Mode.
And yes, I have been receiving legitimate verification codes on the new numbers (the first when it was still my trusted number but not anymore), or else I wouldn't go beyond the two-step verification of iCloud
-
Oct 19, 2016 9:29 PMby fishhhcake,I don't believe that it is Apple sending it that's why I reported it to Apple Support.
How were the hackers able to send me an SMS from 'Apple' yes it is the same Apple sending me verification codes which I use to be able log in to my iCloud now.Anyway, I hope you get what I'm trying to explain. But still, thanks for the help.
-
Oct 19, 2016 9:35 PMby LACAllen,I have twice already explained what I believe is happening.
Bad guys have your phone, YOU gave them a number, via Lost Mode, to contact you with. They have done exactly that, pretending to be Apple.
There is is little you can do now. Without your current password, they can't use your phone and they know this. This is why they are making the effort to phish that password from you.
You want to know how & why and I believe I've told you.
-
Oct 19, 2016 9:39 PMby Camelot,How were the hackers able to send me an SMS from 'Apple'
It's pretty trivial to send an SMS from any number you like. About as easy as spoofing CallerID on a voice call, and only marginally harder than spoofing an email address (did the president@whitehouse.gov really just send you an email?)
